Docker centos:6.10

Vulnerabilities

29 via 29 paths

Dependencies

129

Source

Group 6 Copy Created with Sketch. Docker

Target OS

centos:6
Test your Docker Hub image against our market leading vulnerability database Sign up for free
Severity
  • 16
  • 13
Status
  • 29
  • 0
  • 0

high severity

RHSA-2018:2571

  • Vulnerable module: bind-libs
  • Introduced through: bind-libs@32:9.8.2-0.68.rc1.el6
  • Fixed in: 32:9.8.2-0.68.rc1.el6_10.1

Detailed paths

  • Introduced through: centos:6.10@* bind-libs@32:9.8.2-0.68.rc1.el6

Overview

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) as the original reporter.

high severity

RHSA-2019:1492

  • Vulnerable module: bind-libs
  • Introduced through: bind-libs@32:9.8.2-0.68.rc1.el6
  • Fixed in: 32:9.8.2-0.68.rc1.el6_10.3

Detailed paths

  • Introduced through: centos:6.10@* bind-libs@32:9.8.2-0.68.rc1.el6

Overview

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

high severity

RHSA-2020:2383

  • Vulnerable module: bind-libs
  • Introduced through: bind-libs@32:9.8.2-0.68.rc1.el6
  • Fixed in: 32:9.8.2-0.68.rc1.el6_10.7

Detailed paths

  • Introduced through: centos:6.10@* bind-libs@32:9.8.2-0.68.rc1.el6

Overview

Affected versions of this package are vulnerable to RHSA-2020:2383. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade bind-libs to version or higher.

References

high severity

RHSA-2018:2571

  • Vulnerable module: bind-utils
  • Introduced through: bind-utils@32:9.8.2-0.68.rc1.el6
  • Fixed in: 32:9.8.2-0.68.rc1.el6_10.1

Detailed paths

  • Introduced through: centos:6.10@* bind-utils@32:9.8.2-0.68.rc1.el6

Overview

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) as the original reporter.

high severity

RHSA-2019:1492

  • Vulnerable module: bind-utils
  • Introduced through: bind-utils@32:9.8.2-0.68.rc1.el6
  • Fixed in: 32:9.8.2-0.68.rc1.el6_10.3

Detailed paths

  • Introduced through: centos:6.10@* bind-utils@32:9.8.2-0.68.rc1.el6

Overview

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

high severity

RHSA-2020:2383

  • Vulnerable module: bind-utils
  • Introduced through: bind-utils@32:9.8.2-0.68.rc1.el6
  • Fixed in: 32:9.8.2-0.68.rc1.el6_10.7

Detailed paths

  • Introduced through: centos:6.10@* bind-utils@32:9.8.2-0.68.rc1.el6

Overview

Affected versions of this package are vulnerable to RHSA-2020:2383. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade bind-utils to version or higher.

References

high severity

RHSA-2019:1726

  • Vulnerable module: dbus-libs
  • Introduced through: dbus-libs@1:1.2.24-9.el6
  • Fixed in: 1:1.2.24-11.el6_10

Detailed paths

  • Introduced through: centos:6.10@* dbus-libs@1:1.2.24-9.el6

Overview

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es): * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

high severity

RHSA-2019:1652

  • Vulnerable module: libssh2
  • Introduced through: libssh2@1.4.2-2.el6_7.1
  • Fixed in: 0:1.4.2-3.el6_10.1

Detailed paths

  • Introduced through: centos:6.10@* libssh2@1.4.2-2.el6_7.1

Overview

The libssh2 packages provide a library that implements the SSH2 protocol. Security Fix(es): * libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) * libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) * libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

high severity

RHSA-2019:4152

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.14.3-23.3.el6_8
  • Fixed in: 0:3.44.0-6.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss-softokn@3.14.3-23.3.el6_8

Overview

The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

high severity

RHSA-2019:4152

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.14.3-23.3.el6_8
  • Fixed in: 0:3.44.0-6.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss-softokn-freebl@3.14.3-23.3.el6_8

Overview

The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

high severity

RHSA-2021:0056

  • Vulnerable module: openssl
  • Introduced through: openssl@1.0.1e-57.el6
  • Fixed in: 0:1.0.1e-59.el6_10

Detailed paths

  • Introduced through: centos:6.10@* openssl@1.0.1e-57.el6

Overview

Affected versions of this package are vulnerable to RHSA-2021:0056. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade openssl to version or higher.

References

high severity

RHSA-2019:1467

  • Vulnerable module: python
  • Introduced through: python@2.6.6-66.el6_8
  • Fixed in: 0:2.6.6-68.el6_10

Detailed paths

  • Introduced through: centos:6.10@* python@2.6.6-66.el6_8

Overview

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

high severity

RHSA-2019:1467

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.6.6-66.el6_8
  • Fixed in: 0:2.6.6-68.el6_10

Detailed paths

  • Introduced through: centos:6.10@* python-libs@2.6.6-66.el6_8

Overview

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

high severity

RHSA-2019:1774

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:7.4.629-5.el6_8.1
  • Fixed in: 2:7.4.629-5.el6_10.2

Detailed paths

  • Introduced through: centos:6.10@* vim-minimal@2:7.4.629-5.el6_8.1

Overview

Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

high severity

RHSA-2018:2284

  • Vulnerable module: yum-plugin-fastestmirror
  • Introduced through: yum-plugin-fastestmirror@1.1.30-41.el6
  • Fixed in: 0:1.1.30-42.el6_10

Detailed paths

  • Introduced through: centos:6.10@* yum-plugin-fastestmirror@1.1.30-41.el6

Overview

The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Security Fix(es): * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue.

high severity

RHSA-2018:2284

  • Vulnerable module: yum-plugin-ovl
  • Introduced through: yum-plugin-ovl@1.1.30-41.el6
  • Fixed in: 0:1.1.30-42.el6_10

Detailed paths

  • Introduced through: centos:6.10@* yum-plugin-ovl@1.1.30-41.el6

Overview

The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Security Fix(es): * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue.

medium severity

RHSA-2020:4183

  • Vulnerable module: bind-libs
  • Introduced through: bind-libs@32:9.8.2-0.68.rc1.el6
  • Fixed in: 32:9.8.2-0.68.rc1.el6_10.8

Detailed paths

  • Introduced through: centos:6.10@* bind-libs@32:9.8.2-0.68.rc1.el6

Overview

Affected versions of this package are vulnerable to RHSA-2020:4183. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade bind-libs to version or higher.

References

medium severity

RHSA-2020:4183

  • Vulnerable module: bind-utils
  • Introduced through: bind-utils@32:9.8.2-0.68.rc1.el6
  • Fixed in: 32:9.8.2-0.68.rc1.el6_10.8

Detailed paths

  • Introduced through: centos:6.10@* bind-utils@32:9.8.2-0.68.rc1.el6

Overview

Affected versions of this package are vulnerable to RHSA-2020:4183. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade bind-utils to version or higher.

References

medium severity

RHEA-2019:3280

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el6
  • Fixed in: 0:4.21.0-1.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nspr@4.19.0-1.el6

Overview

Affected versions of this package are vulnerable to RHEA-2019:3280. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The nss, nss-softokn and nss-util packages have been upgraded to upstream versions 3.44, and the nspr packages have been upgraded to upstream version 4.21. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 68 Extended Support Release. (BZ#1684609, BZ#1743623, BZ#1743625, BZ#1743628)

Remediation

Upgrade nspr to version or higher.

References

medium severity

RHEA-2019:3280

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-8.el6
  • Fixed in: 0:3.44.0-7.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss@3.36.0-8.el6

Overview

Affected versions of this package are vulnerable to RHEA-2019:3280. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The nss, nss-softokn and nss-util packages have been upgraded to upstream versions 3.44, and the nspr packages have been upgraded to upstream version 4.21. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 68 Extended Support Release. (BZ#1684609, BZ#1743623, BZ#1743625, BZ#1743628)

Remediation

Upgrade nss to version or higher.

References

medium severity

RHSA-2018:2898

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-8.el6
  • Fixed in: 0:3.36.0-9.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss@3.36.0-8.el6

Overview

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.

medium severity

RHEA-2019:3280

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.14.3-23.3.el6_8
  • Fixed in: 0:3.44.0-5.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss-softokn@3.14.3-23.3.el6_8

Overview

Affected versions of this package are vulnerable to RHEA-2019:3280. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The nss, nss-softokn and nss-util packages have been upgraded to upstream versions 3.44, and the nspr packages have been upgraded to upstream version 4.21. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 68 Extended Support Release. (BZ#1684609, BZ#1743623, BZ#1743625, BZ#1743628)

Remediation

Upgrade nss-softokn to version or higher.

References

medium severity

RHEA-2019:3280

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.14.3-23.3.el6_8
  • Fixed in: 0:3.44.0-5.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss-softokn-freebl@3.14.3-23.3.el6_8

Overview

Affected versions of this package are vulnerable to RHEA-2019:3280. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The nss, nss-softokn and nss-util packages have been upgraded to upstream versions 3.44, and the nspr packages have been upgraded to upstream version 4.21. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 68 Extended Support Release. (BZ#1684609, BZ#1743623, BZ#1743625, BZ#1743628)

Remediation

Upgrade nss-softokn-freebl to version or higher.

References

medium severity

RHEA-2019:3280

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-8.el6
  • Fixed in: 0:3.44.0-7.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss-sysinit@3.36.0-8.el6

Overview

Affected versions of this package are vulnerable to RHEA-2019:3280. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The nss, nss-softokn and nss-util packages have been upgraded to upstream versions 3.44, and the nspr packages have been upgraded to upstream version 4.21. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 68 Extended Support Release. (BZ#1684609, BZ#1743623, BZ#1743625, BZ#1743628)

Remediation

Upgrade nss-sysinit to version or higher.

References

medium severity

RHSA-2018:2898

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-8.el6
  • Fixed in: 0:3.36.0-9.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss-sysinit@3.36.0-8.el6

Overview

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.

medium severity

RHEA-2019:3280

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-8.el6
  • Fixed in: 0:3.44.0-7.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss-tools@3.36.0-8.el6

Overview

Affected versions of this package are vulnerable to RHEA-2019:3280. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The nss, nss-softokn and nss-util packages have been upgraded to upstream versions 3.44, and the nspr packages have been upgraded to upstream version 4.21. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 68 Extended Support Release. (BZ#1684609, BZ#1743623, BZ#1743625, BZ#1743628)

Remediation

Upgrade nss-tools to version or higher.

References

medium severity

RHSA-2018:2898

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-8.el6
  • Fixed in: 0:3.36.0-9.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss-tools@3.36.0-8.el6

Overview

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.

medium severity

RHEA-2019:3280

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.el6
  • Fixed in: 0:3.44.0-1.el6_10

Detailed paths

  • Introduced through: centos:6.10@* nss-util@3.36.0-1.el6

Overview

Affected versions of this package are vulnerable to RHEA-2019:3280. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The nss, nss-softokn and nss-util packages have been upgraded to upstream versions 3.44, and the nspr packages have been upgraded to upstream version 4.21. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 68 Extended Support Release. (BZ#1684609, BZ#1743623, BZ#1743625, BZ#1743628)

Remediation

Upgrade nss-util to version or higher.

References

medium severity

RHSA-2019:2471

  • Vulnerable module: openssl
  • Introduced through: openssl@1.0.1e-57.el6
  • Fixed in: 0:1.0.1e-58.el6_10

Detailed paths

  • Introduced through: centos:6.10@* openssl@1.0.1e-57.el6

Overview

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: 0-byte record padding oracle (CVE-2019-1559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References